Please cancel claims 1-13 and enter new claims 14-22 as follows:

14. A method for personalizing GSM chips having a memory range in which at least one
subscriber identification number IMSI and a card number ICCID are stored, and wherein for
personalizing the chip an additional secret key Ki and, optionally, additional data are
stored, wherein at the manufacturer for pre-personalizing the chip, at least initial
card-specific data, namely a first secret key KM and, optionally, additional data, such as
PIN and PUK are stored, comprising the steps of

a) performing the personalization of the chip when the subscriber logs on to the
subscriber network for the first time;

b) obtaining the ICCID and the IMSI from a number pool, the chip itself derives an
initial key KM from a key K1 which is known and entered into the chip, while PIN and PUK
are set to a default value;

c) making an entry in the authentication center (AC) and the home location register
(HLR) as soon as a subscriber has entered into a contract with the network operator;

d) deriving the authentication center (AC) the initial first key KM;

e) setting the conditions of the network so that during logon to the network, a
connection is established from the chip to the security center of the network operator (SC);

f) routing the connection from the chip to the SC during the first logon;

g) negotiating a new second secret key Ki_2 and, optionally, a PUK with the chip or
generated in the security center (SC) and transmitted to the chip;

h) disabling the conditions of step e).


15. The method according to claim 14, wherein the initial secret key KM which is first
stored in the chip, is not transmitted to and stored in the AC before the contract is
established.

16. The method according to claim 14, further comprising the step of employing a
Diffie-Hellman method to negotiate the second secret key Ki_2.

17. The method according to claim 16, wherein the home location register (HLR) is capable
of setting and deleting a rerouting command (hotlining flag).

18. The method according to claim 17, wherein, when the initial key KM is entered into the
authentication center (AC) for the first time, the hotlining flag is also set in the home location
register (HLR).

19. A chip having stored in the memory range at least one subscriber identification number
IMSI and a card number ICCID as well as for the purpose of personalization an additional
secret key Ki and, optionally, additional data, wherein for pre-personalizing the chip there are
further stored initial card-related data, namely a first secret key KM and, optionally,
additional data, such as PIN and PUK, wherein the chip in the terminal equipment is
Toolkit-enabled and includes means for communicating with a security center (SC) and negotiating
a key.

20. The chip according to claim 19, wherein the chip includes means for receiving data from
the security center (SC) and means for writing these data to a memory and, optionally,
reading these data from the memory, changing these data and/or transmitting these data to
the security center (SC).

21. The chip according to claim 20, wherein the chip comprises a microprocessor for
negotiating a secret key with the security center (SC).

22. The chip according to claim 21, wherein the chip includes a dialing number which is
fixedly programmed by the manufacturer (fixed dialing).

IN THE SPECIFICATION:

On page 1, line 3, delete "Description" and insert instead

-- BACKGROUND OF THE INVENTION
1. Field of the Invention --;

On page 2, line 19, please insert:

-- 2. Description of the Related Art

EP-A-562 890 discloses a mobile communication network having the capability for remotely 
updating a so-called subscriber identification module (SIM) in mobile stations. The SIM stores
data for controlling the mobile stations and for access to the services of the mobile radio 
network. The data stored in the SIM can be changed, i.e., updated, over the radio air 
interface. However, a method for personalizing a SIM over the air interface is not described. 

WO-A-97/14258 also describes a method and a device for programming a mobile station via 
an air interface. Optionally, programs stored in the mobile station are here replaced or 
additional data are transmitted via the air interface. The method described herein also 
permits an initial activation of the mobile station via the air interface, but not a 
personalization of a subscriber identification module. 

WO-A-93/07697 relates to a method for personalizing an active so-called SIM card. The SIM 
card is here completely personalized in an authorized terminal equipment which is connected 
via an encrypted communication line with the central computer of the mobile radio network.
However, a personalization of the chip card when the subscriber first logs on to the mobile
radio network, is also neither taught nor suggested by this reference. --

Page 2, please delete line 24-27 and 
Page 3 delete entirely and insert instead 
-- SUMMARY OF THE INVENTION
To solve the object, the invention proposes that the personalization of the chip is performed
when the subscriber logs on to the subscriber network for the first time, wherein the 
following process steps are carried out in that in a first process step, the chip manufacturer 
obtains the ICCID and the IMSI from a number pool, the chip itself derives an initial key KM 
from a key K1 which is known to and entered into the chip by the chip manufacturer, while 
PIN and PUK are set to a default value, in a second process step, an entry is made in the 
authentication center (AC) and the home location register (HLR) as soon as a subscriber has 
entered into a contract with the network operator, in a third process step, the authentication 
center (AC) also derives the initial first key KM , in a fourth process step, the network sets 
the conditions so that during logon to the network, a connection is established from the chip 
to the security center of the network operator (SC), in a fifth process step, the connection 
is routed from the chip to the SC during the first logon, in a sixth process step, a new second 
secret key Ki_2 and, optionally, a PUK is negotiated with the chip or generated in the security 
center (SC) and transmitted to the chip, in a seventh process step, the conditions of the 
fourth process step are disabled again. 

Further, a chip is provided wherein in the memory range of the chip there are stored at least 
one subscriber identification number IMSI and a card number ICCID as well as for the purpose
of personalization an additional secret key Ki and, optionally, additional data, wherein for pre- 
personalizing the chip there are further stored initial card-related data, namely a first secret 
key KM and, optionally, additional data, such as PIN and PUK, characterized in that 
the chip in the terminal equipment is Toolkit-enabled and includes means for communicating
with a security center (SC) and negotiating a key. 

The technical teachings according to the invention attain the following advantages:
Elimination of a central personalization at the network operator; Issuance of a large number 
of GSM chips without producing a static load at the network operator; Reuse of "used" GSM 
chips; Regular change of the secret key Ki while used by the customer. 

With the proposed method, the device manufacturer/chip manufacturer applies initial data 
associated with the card to the chip, which could be referred to as pre-personalization. The 
network operator himself performs the actual personalization at a later time and only for 
those customers who enter into a contract with the network operator. 

The pre-personalization does not yet produce a static load at the network operator. The 
method therefore makes it possible to distribute "millions" of GSM chips, for example in each 
and every automobile, in each laptop computer or in each alarm system, and to subsequently 
"activate" only the chips of those customers who enter into a contract. 

It is also possible to reuse cards if a customer terminates his contract (for example, if he sells 
his automobile). 
In particular, in the case of the network operator D1, the dealer could release returned cards
again for another customer. The network operator therefore eliminates the personalization 
of cards in the terminal equipment replacement business. 


On page 9, on line 11, please insert:

-- BRIEF DESCRIPTION OF THE DRAWINGS --;

On page 9, line 20, please insert:

-- DETAILED DESCRIPTION OF THE PRESENTLY PREFERRED EMBODIMENTS --;

On page 15, delete "SUMMARY" and insert -- ABSTRACT --;


REMARKS 

This Preliminary Amendment has been made to add/replace the substitute 
pages from the PCT International application into the national phase prosecution and to 
prosecute the claims that were submitted as replacement claims. Such claims have been 
rewritten to conform to the US prosecution standards. No new matter was added. 
An early and favorable action on the merits is respectfully requested.


Respectfully submitted, 



Christa Hildebrand, Esq. 
Registration No. 34,953 
Attorney for Applicants 

Darby & Darby, P.C.

805 Third Avenue 

New York, New York 10022 

(212) 527-7700 
Method and device for customer personalization of GSM chips


Description 

A method is proposed for customer personalization of GSM chips which assumes that
the chip at the time of the personalization is located in the terminal equipment of the 
customer. 

According to the present state of the art, the network operators presently implement the 
GSM chip in a GSM card which is inserted in the terminal equipment. The chip may 
also be permanently integrated in the terminal equipment, for example, on a plug-in
card of a computer. It is not important for the present method if a GSM card or a 
terminal with an integrated chip is employed. A "chip" in the broadest sense is 
understood to be an EPROM, an EEPROM, as well as an "intelligent" microprocessor. 

Regardless of a particular embodiment, the following discussion will use the term
"chip" and "chip manufacturer." 

With centralized personalization used until now, the chip receives, aside from other 
data, a card number (ICCID), a subscriber identification number (IMSI) as well as 
several secret numbers. While the chip manufacturer can easily apply the data ICCID
and IMSI to the chip, the network operator likes to keep control over the secret 
numbers, in particular over the key Ki, which should be known only to the card and the 
network. 

With the present centralized personalization, the network operator receives from the
card manufacturer unmarked cards and subsequently writes the final secret key.
Replacement sheet 2

Accordingly, this key is only known to two localities, namely the chip itself and the network 
operator. 

Disadvantageously, an extraordinarily large static load is produced in the computer center of the
network operator. A generator generates a large number of keys which are then applied to the 
respective cards. The key generated for each card is then simultaneously transmitted to the 
computer center (authentication center AC), whereafter the card is issued to the sales 
organization. The AC therefore has already stored all subscriber identification numbers IMSI
and the associated secret keys Ki at the time the respective card is issued and has to administer 
these identification numbers and keys, although the respective card has not yet been sold and is 
still in the possession of the vendor. Consequently, cards which have not yet been sold are 
stored in large numbers of sales offices, while the data of these cards have to be administered by 
the AC. 

In addition, it may happen that when a manufacturer or another member of the sales organization 
attempts to personalize the cards, the key may have already been compromised. The initial
personalization of the chip is therefore not secure and may be subject to misuse. 

EP-A-562 890 discloses a mobile communication network having the capability for remotely 
updating a so-called subscriber identification module (SIM) in mobile stations. The SIM stores 
data for controlling the mobile stations and for access to the services of the mobile radio 
network. The data stored in the SIM can be changed, i.e., updated, over the radio air interface. 
However, a method for personalizing a SIM over the air interface is not described. 


Replacement sheet 2a 


WO-A-97/14258 also describes a method and a device for programming a mobile station via an 
air interface. Optionally, programs stored in the mobile station are here replaced or additional 
data are transmitted via the air interface. The method described herein also permits an initial 
activation of the mobile station via the air interface, but not a personalization of a subscriber 
identification module. 

WO-A-93/07697 relates to a method for personalizing an active so-called SIM card. The SIM 
card is here completely personalized in an authorized terminal equipment which is connected via 
an encrypted communication line with the central computer of the mobile radio network.
However, a personalization of the chip card when the subscriber first logs on to the mobile radio 
network, is also neither taught nor suggested by this reference. 

It is therefore an object of the invention to improve a method, a device and a chip of the 
aforedescribed type so that the overly complex administration in the AC can be simplified and 
the secret data of the chip can be stored more securely. 

To solve the object, the invention is characterized by the technical teachings of claim 1. A chip
according to the invention is characterized by the technical teachings of claim 6. 


Replacement sheet 3: 


The technical teachings according to the invention attain the following advantages:
Elimination of a central personalization at the network operator 

Issuance of a large number of GSM chips without producing a static load at the network operator 
Reuse of "used" GSM chips 

Regular change of the secret key Ki while used by the customer. 

With the proposed method, the device manufacturer/chip manufacturer applies initial data 
associated with the card to the chip, which could be referred to as pre-personalization. The 
network operator himself performs the actual personalization at a later time and only for those 
customers who enter into a contract with the network operator. 

The pre-personalization does not yet produce a static load at the network operator. The method 
therefore makes it possible to distribute "millions" of GSM chips, for example in each and every 
automobile, in each laptop computer or in each alarm system, and to subsequently "activate" 
only the chips of those customers who enter into a contract. 

It is also possible to reuse cards if a customer terminates his contract (for example, if he sells his 
automobile). 

In particular, in the case of the network operator D1, the dealer could release returned cards again
for another customer. The network operator therefore eliminates the personalization of cards in 
the terminal equipment replacement business. 
To implement the technical teachings, the GSM chip can advantageously be
Toolkit-enabled. In particular, the terminal equipment should be able to transmit short
messages to the network operator. The chip should also offer a function to restore the
initial state of the chip (see below).
The terminal equipment or a different device may also use this function of the chip.
The terminal equipment should also be able to read the card number and the version 
number (see below). (Alternatively, the card number and the version number could be 
indicated on the GSM card). 

The chip manufacturer is responsible for the pre-personalization. ICCID and IMSI are
taken from a pool of numbers, whereas the chip itself derives from a key K1 which is
known to the chip manufacturer, an initial key Ki_1. PIN and PUK are set to a default
value.

No entry is made into the AC

When a customer is signed up, an entry is made in the AC. This entry is also derived
from the initial key Ki_1.
The hotlining flag is set in the HLR
The first call is routed to a security center 

The security center negotiates a new Ki_2 as well as a PUK, using the Diffie-Hellman 
method. 

Used chips intended for reuse are reset with an internal function. 

Pre-personalization at the chip manufacturer is carried out by allocating a range of card 
numbers and subscriber identification numbers to each chip manufacturer. The 
number ranges for ICCID and IMSI are large enough to make this possible.

The chip manufacturer also receives the following data from the network operator: a,
p, VER, K1.

The chip manufacturer then applies the following data to each chip: 


ICCID  card number

IMSI   subscriber identification number (is tied to ICCID, for example, by having the
       same position within the two number ranges for ICCID and IMSI)

a      a sufficiently large number forming the basis for Diffie-Hellman
p      a sufficiently large number, prime number for Diffie-Hellman

VER    a version number, for example 8 bytes, unique for each chip manufacturer (can
       be changed from time to time)

K1     8 bytes DES key, uniquely tied to VER.

Note: The network operator could derive the key K1 from the version number VER using a
master key (for example with the DES method). However, this is not required.

The chip then generates the following secret numbers:

Ki_1   Ki_1 is an initial Ki which the chip derives from the IMSI using the DES key K1.

PIN    PIN is set to a fixed value of 0000.
PUK    PUK is set to a fixed value of 00000000.
Optionally, additional secret numbers.

The chip must retain K1 and the generated secret numbers in a secure region and
protect these numbers from being read.

The processes in the authentication center AC:

The AC knows the key K1 of each version number VER (K1 can be derived from VER
using a master key so that the values K1 issued to the chip manufacturer do not
need to be stored).

The initial values Ki_1 generated by the chips are not recorded in the AC.

Since the AC does not yet know the IMSIs, no static load is produced.

Customer sign-up and release by the network operator

A customer who wishes to use his device (his card, his chip), enters into a contract
with the network operator. The card number (ICCID) identifies the chip.

The network operator activates the following actions:

- Reading or obtaining the card number and version number (ICCID, VER)
- The IMSI is permanently associated with the ICCID
- IMSI and VER are entered into the AC (it is only now that the subscriber relationship
  is made known in the AC)
- The AC knows the key K1 which is permanently tied to VER and generates from K1
  the initial key Ki_1 from the IMSI, using the same method being used in the chip
- The HLR sets the "hotlining flag" to this IMSI. The first call is then routed to
  an SC (security center). (The SC could also be the HLR/AC itself)

The first call: final personalization of the chip

Since the chip and the AC now have knowledge of the same secret key Ki_1, the chip
logs on to the network. (The PIN is 0000 and known to the customer)

With hotlining enabled, the first call is automatically routed to the SC. Depending on
the software in the Toolkit-enabled terminal equipment, the first call could
already be a short message

The SC advantageously uses the Toolkit-features of the chip and negotiates with the 
chip a new secret key Ki_2. 
The Diffie-Hellman method is used herein which has the following advantages:
- Keys of arbitrary length can be negotiated
- It is not sufficient to listen to the air interface to extract the generated key.

- The chip stores the new key Ki_2 (this key is subsequently used for authentication).
- The new key can be immediately verified (for example, challenge response, as is
  customary with GSM);
- The SC transmits the new key Ki_2 to the AC;
- By again using Diffie-Hellman, the SC negotiates a PUK (or additional secret
  numbers) with the chip. (The network operator can subsequently communicate the
  secret numbers to the customer or retain the secret numbers for service purposes)
- The hotlining flag in the HLR is removed. Normal calls are now enabled, with the
  new secret key Ki_2 being used from this time on;
- The Toolkit-enabled terminal equipment informs the customer about success or
  failure;
- The Toolkit-enabled terminal equipment may ask the customer to select a new PIN.

Reuse of used chips/cards

It will be assumed that the subscriber relationship is removed from the HLR and the 
AC because the customer has terminated his contract. When a contract is entered with
the new customer and a used chip is reused, the following steps are executed:

First, the function of the terminal equipment to initialize the chip is employed.
Thereafter, in the chip:
- Ki_2 is deleted
- Ki_1 is reactivated
- The PIN is set to 0000
- The PUK is set to 00000000 (in an analogous manner, with additional secret numbers
  PUK2)

This function could, for example, be activated within the D1 network by the XI 3
which is installed at many dealer sites. In this way, the dealer can issue another 
initialized card. 


The additional steps are identical to those for customer sign-up and release by the 
network operator (see above).

Change of the secret key during the utilization time of the chip

The network operator can force a change of Ki in regular intervals. This can be done
simply by enabling the hotlining flag in the HLR which routes the call to the SC and,
as described above, by negotiating a new Ki. However, the PUK should not be
renegotiated at this time.

Possibilities for misuse (illustrated here for D1)

1. The key K1 of a chip manufacturer is compromised and a card is copied.

1.1 The IMSI is not yet known in the AC. The card does not register.
1.2 The IMSI of the genuine card is already in the AC and has already been provided
    with the final personalization.
    The forged card cannot log on since Ki_1 is different from Ki_2 (authentication
    failed).
1.3 The genuine IMSI is already in the AC, but final personalization has not yet been
    performed.
    This refers to the brief time interval between the time the contract takes effect
    and the device is switched on for the first time. During this time interval, a
    forged card could be "inserted." The genuine card would then not be able to log
    on because it does not have the Ki_2 of the forged card. This scenario could be
    prevented, for example,
    by including - at the time of the subscription - on the order document a secret
    number which the customer has to provide after receiving the key. This secret
    number is sent to the SC where it is checked.

2. The customer initializes his own card (for example with XI 3). Thereafter, the
card has the key Ki_1 and no longer logs on.
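The sign-up, first-call and misuse cases above can be walked through as a small model; this is an added example, not code from the application. It assumes HMAC-SHA256 in place of the DES derivation and of the GSM challenge-response, a demo prime for p, a secret-number check placed before Ki_2 is committed, and hypothetical names (Chip, Network, logon, order_secret), with AC, HLR and SC collapsed into one object.

```python
import hashlib
import hmac
import secrets

# Constructed demo parameters: the page only asks for "sufficiently large" a and p.
P = 2**521 - 1  # a Mersenne prime standing in for p
A = 3           # stands in for the base a

def derive_ki1(k1: bytes, imsi: str) -> bytes:
    # Page: the chip and the AC both derive Ki_1 from the IMSI with the DES key K1.
    # Assumption: HMAC-SHA256 stands in for DES (not in the standard library).
    return hmac.new(k1, imsi.encode(), hashlib.sha256).digest()[:16]

def kdf(shared: int) -> bytes:
    # Assumption: the DH shared value is hashed down to a 16-byte Ki.
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()[:16]

def sres(ki: bytes, rand: bytes) -> bytes:
    # Stand-in for the GSM challenge-response computation.
    return hmac.new(ki, rand, hashlib.sha256).digest()[:4]

class Chip:
    def __init__(self, imsi: str, k1: bytes):
        self.imsi = imsi
        self.ki1 = derive_ki1(k1, imsi)  # pre-personalization
        self.ki = self.ki1               # key currently used to log on

    def dh_public(self) -> int:
        self._x = secrets.randbelow(P - 3) + 2
        return pow(A, self._x, P)

    def dh_key(self, sc_public: int) -> bytes:
        return kdf(pow(sc_public, self._x, P))

    def reset(self) -> None:
        self.ki = self.ki1  # Ki_2 deleted, Ki_1 reactivated

class Network:
    """AC, HLR and SC collapsed into one hypothetical object."""
    def __init__(self, k1_by_ver: dict):
        self.k1_by_ver = k1_by_ver
        self.ac = {}            # IMSI -> active Ki; empty until sign-up
        self.hotlining = set()  # IMSIs whose calls are rerouted to the SC
        self.order_secret = {}  # optional secret number from the order document

    def sign_up(self, imsi: str, ver: str, order_secret=None) -> None:
        self.ac[imsi] = derive_ki1(self.k1_by_ver[ver], imsi)
        self.hotlining.add(imsi)
        if order_secret is not None:
            self.order_secret[imsi] = order_secret

    def _auth(self, chip: Chip) -> bool:
        ki = self.ac.get(chip.imsi)
        if ki is None:
            return False  # IMSI not yet known in the AC
        rand = secrets.token_bytes(16)
        return hmac.compare_digest(sres(ki, rand), sres(chip.ki, rand))

    def logon(self, chip: Chip, order_secret=None) -> str:
        if not self._auth(chip):
            return "rejected"
        if chip.imsi not in self.hotlining:
            return "normal"
        # Hotlined call: the SC negotiates Ki_2 with the chip.
        y = secrets.randbelow(P - 3) + 2
        chip_pub = chip.dh_public()
        chip_ki2 = chip.dh_key(pow(A, y, P))
        sc_ki2 = kdf(pow(chip_pub, y, P))
        expected = self.order_secret.get(chip.imsi)
        if expected is not None and order_secret != expected:
            return "refused"  # AC keeps Ki_1 and the flag stays set
        chip.ki, self.ac[chip.imsi] = chip_ki2, sc_ki2
        self.hotlining.discard(chip.imsi)
        return "personalized" if self._auth(chip) else "failed"

def misuse_cases() -> dict:
    # Constructed values: a K1 that has leaked, one version number, one IMSI.
    k1, ver, imsi = secrets.token_bytes(8), "VER-A", "001010000000001"
    out = {}
    net = Network({ver: k1})                       # 1.1: no contract yet
    out["1.1 copy"] = net.logon(Chip(imsi, k1))
    net, genuine = Network({ver: k1}), Chip(imsi, k1)
    net.sign_up(imsi, ver)                         # 1.2: genuine card goes first
    out["genuine first call"] = net.logon(genuine)
    out["1.2 copy"] = net.logon(Chip(imsi, k1))
    out["genuine later call"] = net.logon(genuine)
    genuine.reset()                                # 2: customer resets own card
    out["2 reset card"] = net.logon(genuine)
    net, genuine = Network({ver: k1}), Chip(imsi, k1)
    net.sign_up(imsi, ver)                         # 1.3: copy goes first
    out["1.3 copy"] = net.logon(Chip(imsi, k1))
    out["1.3 genuine"] = net.logon(genuine)
    net, genuine = Network({ver: k1}), Chip(imsi, k1)
    net.sign_up(imsi, ver, order_secret="4711")    # 1.3 with the order secret
    out["1.3 copy, secret"] = net.logon(Chip(imsi, k1))
    out["1.3 genuine, secret"] = net.logon(genuine, order_secret="4711")
    return out

if __name__ == "__main__":
    for case, result in misuse_cases().items():
        print(f"{case}: {result}")
```

The window in case 1.3 exists because Ki_1 is the only thing that authenticates the card before Ki_2 is negotiated, so the secret number on the order document is what distinguishes the genuine card while K1 is compromised.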

The invention will now be described with reference to an embodiment illustrated in the
drawings. Additional features and advantages are disclosed in the drawings and in the
description of the drawings.

It is shown in:

Figure 1: schematically, the pre-personalization of the cards at the chip manufacturer;

Figure 2: schematically, the processes during the release by the network operator
(final personalization);

Figure 3: schematically, the processes when the chip is erased and reused.

Figure 1 illustrates in the form of a drawing what has already been described on page 4
of the description, namely that the card number ICCID is provided in a range between
a number X and a number Y.

The same applies to the subscriber identification number IMSI which is also located in
a range of values between A and B.

In the two number ranges allocated for ICCID and IMSI, a number a is selected as a
base for the Diffie-Hellman algorithm as well as a number p which serves as a prime
number for the Diffie-Hellman encryption.
Also defined is a number VER which can be a functional number having a length of 8
bytes. In addition, the key K1 is computed in form of a DES key which is tied to
VER.

The aforedescribed data are entered into the card, with the chip generating (computing)
the secret number Ki_1 which is stored in the card. The card is supplied in this form
(pre-personalized) to the VO (sales organization).

Figure 2 illustrates the individual processes which are described in the description
starting on page 5.

In a first process step, the VO enters into a contract with the customer. In the same
process step, the card number ICCID and the version number together with the
contract are entered in an order confirmation, wherein this order confirmation is
communicated in a second process step to the AC together with the subscriber
identification number and the version number VER.

At the same time, the subscriber identification number IMSI is communicated to the
HLR so that the HLR is made aware of the card data and establishes the so-called
hotlining flag.

The customer now receives his pre-personalized card and establishes in a first call -
which according to the present invention is forcibly switched to the SC - contact with
the SC. In this first call, the Ki_2 is negotiated as well as the PUK, with the new PIN
being set at the same time. At the same time, the SC verifies the secret key Ki_2 with
respect to the card.

In a fourth method step, the SC contacts the HLR and removes the hotlining flag,
which in turn enables the customer to make unrestricted calls.


Replacement sheet 11:


In the fourth method step, the SC also communicates the secret key Ki_2 to the AC. 

At this point, the card is released and provided with the final personalization. 

The reuse of used cards has been described in detail above. As seen from Fig. 3, the customer 
contacts with his card the VO which enters the card number ICCID into the order confirmation 
so that the IMSI is deleted both in the AC and in the HLR. 

In this way, the key Ki_2 is deleted and the key Ki_1 is reactivated and stored in the card.
Likewise, the PIN is set to the value 0000 and also the PUK. 

The card, having been pre-personalized in this way, can now be sent to a card pool and reissued 
to new customers. 

In other words, the final personalization is reversed so that the card is in the same state as when 
it was pre-personalized. 

It should also be noted that the network operator where the order is placed, is also referred to as 
Order Receiving Office and that this Order Receiving Office has knowledge of the association 
between ICCID and IMSI due to their 1:1 association within the issued range of numbers. 


Claims 
1. Method for personalizing GSM chips having a memory range in which at least one
subscriber identification number IMSI and a card number ICCID are stored, and
wherein for personalizing the chip an additional secret key Ki and, optionally,
additional data are stored,

characterized in that the chip is personalized at the time when the subscriber logs on to
the subscriber network.

2. The method according to claim 1, characterized in that the chip is personalized
when the subscriber logs on to the subscriber network for the first time.

3. The method according to claim 1 or 2, characterized in that for pre-personalizing
the chip at the manufacturer, at least initial, card-specific data, namely a first secret key
Ki_1 and, optionally, additional data, such as PIN and PUK are stored.

4. The method according to one of the claims 1-3, characterized by the following
process steps:

- in a first process step, the chip manufacturer obtains the ICCID and the IMSI
  from a number pool, the chip itself derives an initial key Ki_1 from a key
  K1 which is known to and entered into the chip by the chip manufacturer,
  while PIN and PUK are set to a default value,
- in a second process step, an entry is made in the AC and HLR as soon as a
  subscriber has entered into a contract with the network operator,
- in a third process step, the AC also derives the initial first key Ki_1,
- in a fourth process step, the network sets the conditions so that during logon to
  the network, a connection is established from the chip to the component SC
  (security center of the network operator),
- in a fifth process step, the connection is routed from the chip to the SC during
  the first logon,
- in a sixth process step, a new, second secret key Ki_2 and, optionally, a PUK is
  negotiated with the chip (for example using the Diffie-Hellman method) or
  generated in the SC and transmitted to the chip,
- in a seventh process step, the conditions of the fourth process step are disabled
  again.

5. The method according to one of the claims 1-4, characterized in that the initial
secret key Ki_1 which is first stored in the chip, is not transmitted to and stored in the
authentication center (AC) before the contract is established.

6. Chip for carrying out the method according to one of the claims 1-5, characterized
in that the chip in the terminal equipment is Toolkit-enabled and can communicate
with the SC and negotiate a key.

7. The chip according to claim 6, characterized in that the chip can receive data from
the SC and writes these data to its memory and, optionally, reads these data from the
memory and changes the data and/or transmits the data to the computer center
(SC).

8. The chip according to one of the claims 6 or 7, characterized in that the
microprocessor of the chip negotiates a secret key with the SC.

9. The chip according to claim 8, characterized in that the key of the method is
negotiated using the Diffie-Hellman method.

10. The chip according to one of the claims 6-9, characterized in that the chip has a
dialing number which is fixedly pre-programmed by the manufacturer (fixed dialing).

11. Computer center for carrying out the method according to one of the claims 1-5,
characterized in that the HLR is capable of setting and deleting a rerouting command
(hotlining flag).

12. Computer center for carrying out the method according to one of the claims 1-5,
by using a chip according to one of the claims 6-10, characterized in that the network
sets conditions so that a connection is established from the chip to the component SC
during logon to the network.

13. Computer center for carrying out the method according to one of the claims 1-5,
by using a chip according to one of the claims 6-10, characterized in that the hotlining
flag is set in the HLR when the initial key Ki_1 is first entered in the AC.
SUMMARY

The invention relates to a method for personalization of GSM chips. At least one
subscriber identification character (IMSI) and a card number (ICCID) are stored in the
memory area of said chips in addition to a secret key (Ki) and other optional data for
personalization purposes. The invention aims to eliminate an unnecessarily high degree
of complexity linked to management of all card data in an authentication centre (AC) and
to preserve secret chip data in a more secure manner. According to the invention, final
data is only written on the chip when the subscriber logs into a subscriber network. One
advantage is that only initial data is written into the card enabling the customer to
contact the computer centre of the information provider. During first contact the final
data is traded between the card and the computer centre and written into the card. The
computer centre is simply required to manage cards which have really been issued to
customers.